IAB and IAB Tech Lab collaborate on new privacy framework
IAB and IAB Tech Lab recently announced a new contractual framework for unifying compliance across state privacy laws. Will this do more good than harm?
We're living in an age where privacy concerns are skyrocketing. And as consumers, our worries about how our data is used and who has access to it are undoubtedly increasing.
In response, the IAB (Interactive Advertising Bureau) and IAB Tech Lab (IAB Technology Laboratory) have teamed together to support businesses in adhering to new privacy laws while still prioritizing consumers' privacy with a newly developed framework called the Multi-State Privacy Agreement (MSPA).
MSPA as part of the Global Privacy Platform
The partnership was first announced on October 13, 2022, as part of the Global Privacy Platform (GPP). The MSPA contains updated privacy protocols for the digital advertising business where marketers, agencies, publishers, and ad tech firms will benefit from the improved privacy protocols and industry-level agreements.
Overall, this works in conjunction with IAB Tech Lab's US State Signals initiative and is a part of a broader effort to highlight how crucial it is to protect consumer privacy and adhere to rules for digital advertisements. As a result, businesses now have it simpler to handle user consent signals and confidentiality worldwide.
Anthony Katsur, CEO of IAC Tech Lab, said, "IAB Tech Lab's Global Privacy Platform provides the technology toolkit the industry needs so publishers and advertisers can work with their vendors to manage privacy and consent management compliance on a global scale. The GPP also helps mitigate risk by increasing consumer transparency and control signals publishers and advertisers receive."
"We believe adopting both the Multi-State Privacy Agreement and the Global Privacy Platform will be a huge step forward for the industry. Privacy matters, and so does compliance. We need to get both right." he adds.
Update seeks to assure compliance with new regulations
One of the things why the MSPA was launched (as a newer version of the Limited Service Provider Agreement (LSPA) released in 2020) is to assure privacy compliance with five new state privacy regulations. The updated MSPA supports privacy legislation taking effect in 2023, including Colorado, Connecticut, Utah, Virginia, and California.
This MSPA agreement will help member companies address increasingly complex global privacy challenges while managing multiple consent signals from numerous jurisdictions.
"The patchwork of state regulations creates an increasingly complicated compliance landscape for the digital advertising industry," said Michael Hahn, EVP, General Counsel, IAB, and IAB Tech Lab. "The IAB Legal Affairs Council has been focused on meeting this challenge for the past year, and we believe the MSPA – the product of collaboration from stakeholders across the industry – is a crucial tool to solve this challenge."
Hahn continues by saying that "We have found a way to solve key advertising use cases that put consumers first, hews closely to the letter of the law, and, like the IAB Limited Service Provider Agreement, will be leveraged by small and large participants alike to meet their obligations."
MSPA's provisions
The provisions include:
- "Gap transactions," such that it applies contractual terms for those "sales" of personal information where there is ordinarily no contract in place in the digital advertising distribution chain
- Measurement and frequency capping, including when undertaking such activities using service providers
- Contextual advertising and advertising on a publisher's first-party segments
- A "national" approach option to state privacy compliance that is set at the highest common denominator across the new state with privacy laws
- Use of the IAB Tech Lab's technical specification for US State Signals in the GPP
Public scrutiny
If we talk about MSPA, we also need to discuss IAB's earlier release, GPP, which is tied to MSPA. To give you a slight heads up, GPP actually has a noble goal: to streamline the transmission of privacy, consent, and consumer choice signals from websites and applications to advertising technology providers.
Regardless, the technical issue stands out more. GPP is significantly simpler to adopt in large organizations than in groups of smaller ones. This disadvantages decentralized networks and collaborative organizations in favor of giant tech-integrated platforms and must be reworked. This caused mixed evaluations from the public, where the protocol was felt to be fishy and more burdensome for users.
IAB Europe's Transparency and Consent Framework (TCF) was previously investigated by the Belgian Data Protection Authority (BDPA) for violating GDPR standards. This made the public even more wary and demanded that IAB take more thoughtful steps before releasing other versions of frameworks that will bring more harm than good to the ecosystems.
If you have even the slightest concerns, you may review and provide feedback for IAB during this public comment period. But before that, make sure you read all the documents thoroughly. Click here to read the MSPA document and here to read the US State Signals.
Save time and money when creating and distributing high-quality content for branding and marketing with ContentGrow. Sign up to get your campaign started, or book a quick call with our team to learn more.